2 matches found
CVE-2024-8512 W3SPEEDSTER <= 7.26 - Authenticated (Administrator+) Remote Code Execution
The W3SPEEDSTER plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.26 via the 'script' parameter of the hookBeforeStartOptimization function. This is due to the plugin passing user supplied input to eval. This makes it possible for authenticated...
WordPress W3SPEEDSTER Plugin <= 7.26 is vulnerable to Remote Code Execution (RCE)
Software W3SPEEDSTER Type Plugin Vulnerable versions = 7.26 Fixed in 7.27 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2024-8512 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID e98a59b3436a Credits Lesor101 Required privilege Administrator...